As threat actors continue to adapt to the latest technologies, practices, and data privacy laws, it’s up to organisations to stay a step ahead by implementing strong cybersecurity measures and programs.
Based on research and what we saw last year, here’s a look at how cybercrime may evolve in 2023 and what you can do to secure and protect your business this year.
Mobile-specific cyber threats
With the increased use of smartphones in the workplace, mobile devices are prime targets for cyber-attacks. In fact, over the last year, cybercrime targeting mobile devices trended upward, with no signs of slowing down in 2023. In addition, several major companies, including Uber, were affected by security breaches involving one-time passcodes, which triggered a move from SMS-based authentication to multifactor authentication (MFA), which seems more secure.
As more organisations add MFA as a security layer, cyber attackers will likely pivot to exploiting notification fatigue, bombarding an employee with approval requests until they finally relent.
Cybersecurity insurance will become harder to get
Demand for cyber insurance will increase, but it will become harder to get. Heightened awareness of the financial and reputational risks of cyber incidents such as ransomware attacks, data breaches and vulnerability exploitation has led to a steep increase in companies seeking cyber insurance. But, at the same time, underwriters are making the requirements for obtaining cyber insurance much stricter, requiring things like two-factor authentication and the adoption of specific technologies like EDR and more. These documents used to be a small questionnaire; now they’re full audits. So, increasing cyber insurance premiums and stricter requirements to obtain insurance will be interesting hurdles to watch in 2023.
Compared to countries like America, getting cyber insurance in the UK is incredibly difficult. The increased requirements make it tricky, and business insurance companies willing to cover cybersecurity are few and far between. While we predict this number will further decrease, we hope to see the gap filled by new independent cybersecurity insurance companies. In the meantime, we recommend getting your business Cyber Essentials certified. Not only does the scheme help protect against a range of common cyber-attacks, but it comes with £25,000 worth of cyber insurance*.
*Cyber insurance included with Cyber Essentials is for UK-based organisations with a turnover of less than 20 million. This cover gives up to £25,000 worth of liability.
A rise in cloud native breaches
Cloud computing is a powerful tool for businesses seeking to save money by using off-site storage and processing power. However, it also presents an opportunity for cybercrime. According to research, nearly half of all data breaches occurred in the cloud in 2022. As companies migrate parts or entire infrastructures to the cloud, we’ll see an increase in the amount of data stored in the cloud, creating more opportunities for cloud-native security incidents. This means cloud security should be a top priority for businesses in 2023.
The most reliable safeguard against cloud-based cybercrime is a zero-trust philosophy. The main principle behind zero trust is to verify everything automatically: essentially, not to trust anyone without authorisation or inspection. This security measure is critical to protecting data and infrastructure stored in the cloud from threats.
Ransomware-as-a-Service will continue to grow
Ransomware attacks have become increasingly targeted — sectors such as healthcare, power, food, and agriculture are the latest industries to be victims. Additionally, with the rise in ransomware threats comes the increased use of Ransomware-as-a-Service (RaaS).
End-users are your organisation’s frontline against ransomware attacks, but they need the proper training to protect them against threat actors.
Cybersecurity procedures must be clearly documented and regularly tested so users can stay aware and vigilant against security breaches. However, it would be best to also employ backup measures like password policy software, multi-factor authentication, and email security tools.
Increase in supply chain attacks
SolarWinds and Log4j may have been wake-up calls, but we’re still a long way from having adequate tools to protect against digital supply chain vulnerabilities. Gartner predicts that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains.
We expect that supply chain attacks will continue to be a significant concern for companies and organisations in the coming years. Supply chain attacks can be particularly effective because they can compromise the security of a large number of end users at once, and they can be challenging to detect and defend against. To protect against the potential risks posed by supply chain attacks, companies and organisations must implement robust security measures, conduct regular risk assessments, and maintain solid relationships with suppliers and other third parties to promptly identify and address security risks.
New data privacy laws on the way for UK businesses
We should expect to see new data privacy laws from the UK government this year. Data privacy laws often require changes to how companies store and process data, and these changes might open you up to additional risk if they are not implemented carefully. When the time comes, you should enlist the help of experts to ensure your organisation follows proper cybersecurity protocols.
Digital transformation, the Internet of Things, and remote work have vastly expanded cyber-attack surfaces for businesses. To protect employees and data in the hybrid world of work, many companies rushed to buy a myriad of new security solutions. Unfortunately, this has created highly complex security landscapes in which the tools don’t work well together, leaving holes in cyber defences and creating more work for IT teams. As a result, 2023 will be all about consolidation: fewer tools, more platforms, and everything networked efficiently and highly automated.
Organisations will turn to managed services to manage security better
General feelings of economic uncertainty have swept through nearly every sector, leaving executives with many difficult budgeting decisions. In many instances, organisations will be looking to do more with less in 2023 – or more with the same. One way organisations can accomplish this is by opting for managed services in their security budgets. Some IT teams will turn towards these services to fill internal skill gaps and help achieve organisational security goals, like improving maturity, unlocking 24x7 visibility and optimising threat detection and response.